Announcing Yosai v0.3

About Yosai

Yosai is an Apache2-licensed security framework written in Python that provides
industrial strength authentication, authorization, and session management from
a common API. You can secure any kind of Python application with it.

I’ve created a complete tutorial to help you learn how to use TOTP in your
project. The tutorial guides you through setup and workflow.

Rate Limiting / Account Locking

Yosai now lets developers limit the number of failed authentication attempts
allowed for any particular user account. Account locking is enabled when a
developer defines an account_lock_threshold within Yosai’s authentication
settings, which sets the maximum number of failed authentication attempts
allowed.

Assuming account locking is enabled, the moment that the number of failed
authentication attempts exceeds the maximum-allowable threshold, Yosai will lock
the account, prohibiting subsequent authentication regardless of whether
credentials match.
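The locking rule described above can be sketched with the standard library alone. This is an added example, not Yosai's code or API: the Authenticator and LockedAccount names, the threshold value of 3, the PBKDF2 parameters, and resetting the counter on a successful login are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ACCOUNT_LOCK_THRESHOLD = 3  # assumed value; the page gives no number


class LockedAccount(Exception):
    """Authentication refused because the account is locked."""


class Authenticator:
    """Hypothetical in-memory authenticator, not Yosai's API."""

    def __init__(self, threshold=ACCOUNT_LOCK_THRESHOLD):
        self.threshold = threshold
        self.accounts = {}  # username -> salt, digest, failed count, locked flag

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        salt = os.urandom(16)
        self.accounts[username] = {
            "salt": salt, "digest": self._digest(password, salt),
            "failed": 0, "locked": False,
        }

    def authenticate(self, username, password):
        acct = self.accounts.get(username)
        if acct is None:
            return False
        # Check the lock first: a locked account is refused even when
        # the supplied credentials match.
        if acct["locked"]:
            raise LockedAccount(username)
        if hmac.compare_digest(self._digest(password, acct["salt"]), acct["digest"]):
            acct["failed"] = 0  # assumption: a success resets the counter
            return True
        acct["failed"] += 1
        # Lock the moment the failure count exceeds the threshold.
        if acct["failed"] > self.threshold:
            acct["locked"] = True
            raise LockedAccount(username)
        return False
```

With a threshold of 3, the first three wrong passwords return False, the fourth raises LockedAccount, and every later call raises it too, including one with the correct password.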

Refactoring and Optimizations

Refactoring is an iterative process that ought to be undertaken when the benefits
of doing so are sufficient to justify the expenditure of effort required to perform
it. In this case, the ends justified the means: Yosai v0.3 is leaner, meaner, and
consequently a whole lot more pythonic than prior versions.

Project Details

Yosai works with newer versions of Python 3, specifically Python 3.4 and newer.

Passlib 1.7

Yosai v0.3 uses Passlib for cryptographic hashing and TOTP token generation. This
was made possible by the latest Passlib 1.7 release. I’d like to thank its author,
Eli, for his dedication to the project. To learn more about this project and the
updates in 1.7, visit the Passlib website.

Release highlights:
- Argon2 & Scrypt hash support
- TOTP support
- PBKDF2 now has faster builtin backend, and utilizes other backends where available
- Lots of API cleanups and internal refactoring
- HtpasswdFile reader is now more flexible and has improved security options
- Refreshed documentation